Multi-level membership inference attacks in federated Learning based on active GAN

In recent years, federated learning has been widely used in various fields, such as smart healthcare and financial forecast, due to its ability to protect the privacy of user secret data. Although federated learning has the capability of protecting users’ data privacy, recent research results demonstrated that federated learning still suffers from many privacy attacks. Among them, membership inference attacks are the most common privacy attacks in which attackers infer whether the record belongs to a member message or not. However, the current studies are unable to provide further depth to infer membership information, meaning that existing attack methods have difficulty deducing specifically which user the record belongs to. Moreover, there is a lack of training data in the training process which seriously impacts the effectiveness of membership inference attacks. In this paper, from the perspective of inferring both model-level and user-level membership information, we not only infer whether a record belongs to members but furthermore identify which member the record belongs to. In addition, we augment the training dataset by leveraging the generative adversarial networks (GANs) approach and address the lack of labeling of the newly generated data with the aid of the active learning approach. To demonstrate the effectiveness of our method, we implement our proposed methods on the five benchmark datasets. Extensive experimental results demonstrate that both model-level and user-level membership inference attacks can be achieved with good effectiveness.